POTD skeleton #102.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2018-06-11 17:33:31 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2018-06-11 17:33:31 +0200
commit: aa8fb9511c8efb70952ef6b01fcd803847d6704c (patch)
tree: fe378dc5162eaa99ee2a03f724c5873553d42cba /src/jail.c
parent: 6faf24d6a8985d721e989f75505dae83c7dda20b (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/jail.c b/src/jail.c
index ddd1926..9ed75f8 100644
--- a/src/jail.c
+++ b/src/jail.c
@@ -15,6 +15,7 @@
 #include "capabilities.h"
 #include "utils.h"
 #include "log.h"
+#include "options.h"
 
 typedef struct prisoner_process {
     psocket client_psock;
@@ -373,7 +374,8 @@ static int jail_childfn(prisoner_process *ctx)
             );
 
             pseccomp_set_immutable();
-            pseccomp_init(&psc, 0);
+            pseccomp_init(&psc,
+                (getopt_used(OPT_SECCOMP_MINIMAL) ? PS_MINIMUM : 0));
             if (pseccomp_jail_rules(psc))
                 FATAL("%s", "SECCOMP: adding jail rules");
             pseccomp_free(&psc);
author	Toni Uhlig <matzeton@googlemail.com>	2018-06-11 17:33:31 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2018-06-11 17:33:31 +0200
commit	aa8fb9511c8efb70952ef6b01fcd803847d6704c (patch)
tree	fe378dc5162eaa99ee2a03f724c5873553d42cba /src/jail.c
parent	6faf24d6a8985d721e989f75505dae83c7dda20b (diff)